Total: 284768 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
---|---|---|---|---|---|
CVE-2024-7783 | 2 Miniplex Labs, Mintplexlabs | 2 Miniplex Labs/anything Lim, Anythingllm | 2024-10-31 | 7.5 High | mintplex-labs/anything-llm version latest contains a vulnerability where sensitive information, specifically a password, is improperly stored within a JWT (JSON Web Token) used as a bearer token in single user mode. When decoded, the JWT reveals the password in plaintext. This improper storage of sensitive information poses significant security risks, as an attacker who gains access to the JWT can easily decode it and retrieve the password. The issue is fixed in version 1.0.3. |
CVE-2024-48227 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High | Funadmin 5.0.2 has a logical flaw in the Curd one click command deletion function, which can result in a Denial of Service (DOS). |
CVE-2024-48223 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/fieldlist. |
CVE-2024-48222 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/edit. |
CVE-2024-48218 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical | Funadmin v5.0.2 has a SQL injection vulnerability in /curd/table/list. |
CVE-2024-7774 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain-ai/langchainjs | 2024-10-31 | 9.1 Critical | A path traversal vulnerability exists in the `getFullPath` method of langchain-ai/langchainjs version 0.2.5. This vulnerability allows attackers to save files anywhere in the filesystem, overwrite existing text files, read `.txt` files, and delete files. The vulnerability is exploited through the `setFileContent`, `getParsedFile`, and `mdelete` methods, which do not properly sanitize user input. |
CVE-2024-48226 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.8 Critical | Funadmin 5.0.2 is vulnerable to SQL Injection in curd/table/savefield. |
CVE-2024-48225 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 9.1 Critical | Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile. |
CVE-2024-20280 | | | 2024-10-31 | 6.3 Medium | A vulnerability in the backup feature of Cisco UCS Central Software could allow an attacker with access to a backup file to learn sensitive information that is stored in the full state and configuration backup files. This vulnerability is due to a weakness in the encryption method that is used for the backup function. An attacker could exploit this vulnerability by accessing a backup file and leveraging a static key that is used for the backup configuration feature. A successful exploit could allow an attacker with access to a backup file to learn sensitive information that is stored in full state backup files and configuration backup files, such as local user credentials, authentication server passwords, Simple Network Management Protocol (SNMP) community names, and the device SSL server certificate and key. |
CVE-2023-31310 | | | 2024-10-31 | 5 Medium | Improper input validation in Power Management Firmware (PMFW) may allow an attacker with privileges to send a malformed input for the "set temperature input selection" command, potentially resulting in a loss of integrity and/or availability. |
CVE-2024-48224 | 1 Funadmin | 1 Funadmin | 2024-10-31 | 7.5 High | Funadmin v5.0.2 has an arbitrary file read vulnerability in /curd/index/editfile. |
CVE-2024-49635 | 2 Manzurul Haque, Manzurulhaque | 2 Banner Slider, Banner Slider | 2024-10-31 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manzurul Haque Banner Slider allows Reflected XSS. This issue affects Banner Slider: from n/a through 2.1. |
CVE-2023-50355 | 1 Hcltech | 1 Sametime | 2024-10-31 | 3.6 Low | HCL Sametime is impacted by the error messages containing sensitive information. An attacker can use this information to launch another, more focused attack. |
CVE-2024-49637 | 1 Foxskav | 1 Bet Wc 2018 Russia | 2024-10-31 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Foxskav Bet WC 2018 Russia allows Reflected XSS. This issue affects Bet WC 2018 Russia: from n/a through 2.1. |
CVE-2024-49636 | 1 Prashantmavinkurve | 1 Agile Video Player Lite | 2024-10-31 | 7.1 High | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Prashant Mavinkurve Agile Video Player Lite allows Reflected XSS. This issue affects Agile Video Player Lite: from n/a through 1.0. |
CVE-2024-41153 | 2 Hitachi Energy, Hitachienergy | 7 Tro600, Tro610, Tro610 Firmware and 4 more | 2024-10-31 | 7.2 High | Command injection vulnerability in the Edge Computing UI for the TRO600 series radios that allows for the execution of arbitrary system commands. If exploited, an attacker with write access to the web UI can execute commands on the device with root privileges, far more extensive than what the write privilege intends. |
CVE-2024-20466 | | | 2024-10-31 | 6.5 Medium | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information from an affected device. This vulnerability is due to improper enforcement of administrative privilege levels for high-value sensitive data. An attacker with read-only Administrator privileges for the web-based management interface on an affected device could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. |
CVE-2024-20462 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 5.5 Medium | A vulnerability in the web-based management interface of Cisco ATA 190 Series Multiplatform Analog Telephone Adapter firmware could allow an authenticated, local attacker with low privileges to view passwords on an affected device. This vulnerability is due to incorrect sanitization of HTML content from an affected device. A successful exploit could allow the attacker to view passwords that belong to other users. |
CVE-2024-20460 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 6.1 Medium | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information on an affected device. |
CVE-2024-20421 | 1 Cisco | 4 Ata 191, Ata 191 Firmware, Ata 192 and 1 more | 2024-10-31 | 7.1 High | A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on the affected device with the privileges of the targeted user. |